[cabfpub] EV Wildcards
sleevi at google.com
Fri Mar 20 07:12:38 MST 2015
On Mar 20, 2015 7:02 AM, "Bruce Morton" <bruce.morton at entrust.com> wrote:
> My main point is that adding wildcard will provide same-ness with OV/DV
without increasing security. This may appear to be a change for marketing
purposes and not for security issues. I think that it is hard to increase
security, so we need to be careful if we are planning to reduce it.
I absolutely agree with the need to be critical when evaluating proposals
here, especially to understand the reasoning.
That said, I do think the heart of the debate questions around whether we
are reducing security at all. That is, if we are simply moving laterally to
acknowledge the world as it is.
I'm still trying to work around your scenario to understand whether or not
EV would provide any value or mitigation. Certainly, the attacker who has
that subdomain could totally get a DV cert under the BRGs, so it is not
that SSL acts as the bar against that.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public